Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
The Email Delivered Code Identity Authenticator may be used to deliver a verification code to an email address stored in a specified attribute from a user's SCIM resource and then verify the code subsequently entered by the user.
Parent Component
Relations from This Component
Properties
dsconfig Usage
The Email Delivered Code Identity Authenticator component inherits from the Identity Authenticator.
The following components have a direct aggregation relation from Email Delivered Code Identity Authenticators:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
authentication-method-reference | |
schema-urn | |
attribute-path | |
code-generator | |
code-validity-duration | |
sender-address | |
requires-validation | |
smtp-server | |
message-subject | |
message-body | |
obfuscated | |
description
Description | A description for this Identity Authenticator |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
authentication-method-reference
Description | Specifies identifiers of the authentication methods provided by this Email Delivered Code Identity Authenticator. Each value is exposed in the "amr" (authentication method reference) claim in an ID token, and also the "lastLoginMethods" and "lastSecondFactorMethods" properties of a user session SCIM sub-resource. |
Default Value | otp |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
schema-urn
Description | The URN which identifies the SCIM extension schema that should contain attributes intended for this Email Delivered Code Identity Authenticator in authentication request and response messages. |
Default Value | urn:pingidentity:scim:api:messages:2.0:EmailDeliveredCodeAuthenticationRequest |
Allowed Values | A URN begins with 'urn:', is followed by a namespace component that is no more than 32 alpha-numeric characters long, which is followed by one or more colon-delimited identifiers consisting of legal URN characters (letters, digits, and characters in '()+,-.:=@;$_!*'). For example, a URN in the 'acme' namespace might be "urn:acme:identity:User.name". |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
attribute-path
Description | Specifies the path of the email address attribute on the user's SCIM resource. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
code-generator
Description | The verification code generator that will be used to create a new code to be delivered to the end user. |
Default Value | None |
Allowed Values | The DN of any Verification Code Generator. If this Email Delivered Code Identity Authenticator is enabled, then the associated verification code generator must also be enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
code-validity-duration
Description | The maximum length of time the verification code remains valid after it has been issued. |
Default Value | 2m |
Allowed Values | A duration. Lower limit is 1 second. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
sender-address
Description | The email address to use as the sender for the message. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
requires-validation
Description | Whether this authenticator is only applicable if the user's current email address was validated using the Email Validator SCIM Sub Resource Type Handler. If set to false, this authenticator can use any current email address. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
smtp-server
Description | Specifies the set of servers that will be used to send email messages. The order in which the servers are listed indicates the order in which the Data Governance Broker will attempt to use them in the course of sending a message. The first attempt will always go to the server at the top of the list, and servers further down the list will only be used if none of the servers listed above it were able to successfully send the message. |
Default Value | None |
Allowed Values | The DN of any SMTP External Server. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
message-subject
Description | Specifies the subject that should be used for email messages generated by this authenticator. The message subject may contain the token "%code%" which will be dynamically replaced by the generated one-time code. The "%code%" token must be present in at least one of the message subject or the message body. |
Default Value | Ping Identity Data Governance Authentication Code: %code% |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
message-body
Description | Specifies the body that should be used for email messages generated by this authenticator. The message body may contain the token "%code%" which will be dynamically replaced by the generated one-time code. The "%code%" token must be present in at least one of the message subject or the message body. |
Default Value | If no message body is specified, an email with subject line only is sent. |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
obfuscated
Description | Indicates whether the email address returned in the authenticator response should be obfuscated. |
Default Value | true |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Identity Authenticators:
dsconfig list-identity-authenticators [--property {propertyName}] ...
To view the configuration for an existing Identity Authenticator:
dsconfig get-identity-authenticator-prop --authenticator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Identity Authenticator:
dsconfig set-identity-authenticator-prop --authenticator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Email Delivered Code Identity Authenticator:
dsconfig create-identity-authenticator --authenticator-name {name} --type email-delivered-code --set attribute-path:{propertyValue} --set code-generator:{propertyValue} --set sender-address:{propertyValue} --set requires-validation:{propertyValue} --set smtp-server:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Identity Authenticator:
dsconfig delete-identity-authenticator --authenticator-name {name}
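A pre-flight check for the constraints stated in the property table above, run before the create command is issued (an added example, not Ping Identity's code). The object names in SAMPLE are constructed, and the duration parser accepts only an assumed subset of the duration syntax: an integer followed by s, m, h or d.

```python
import re
import shlex

REQUIRED = ("attribute-path", "code-generator", "sender-address",
            "requires-validation", "smtp-server")
DEFAULTS = {  # defaults as listed in the property table
    "schema-urn": "urn:pingidentity:scim:api:messages:2.0:EmailDeliveredCodeAuthenticationRequest",
    "code-validity-duration": "2m",
    "message-subject": "Ping Identity Data Governance Authentication Code: %code%",
    "message-body": "",
    "obfuscated": "true",
}
URN_RE = re.compile(r"urn:[A-Za-z0-9]{1,32}(:[A-Za-z0-9()+,\-.:=@;$_!*]+)+")
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # assumed subset of units
SAMPLE = {  # constructed values; the object names are hypothetical
    "attribute-path": "emails.value",
    "code-generator": "Example Code Generator",
    "sender-address": "no-reply@example.com",
    "requires-validation": "true",
    "smtp-server": "Example SMTP Server",
}

def lint(props):
    """Return (errors, warnings) for a proposed authenticator configuration."""
    cfg = {**DEFAULTS, **props}
    errors = [f"missing required property: {p}" for p in REQUIRED if p not in props]
    warnings = []
    if "%code%" not in cfg["message-subject"] and "%code%" not in cfg["message-body"]:
        errors.append("%code% must appear in message-subject or message-body")
    if not URN_RE.fullmatch(cfg["schema-urn"]):
        errors.append("schema-urn is not a valid URN")
    m = re.fullmatch(r"(\d+)\s*([smhd])", cfg["code-validity-duration"])
    if not m or int(m.group(1)) * UNIT_SECONDS[m.group(2)] < 1:
        errors.append("code-validity-duration must be at least 1 second")
    if cfg.get("requires-validation") == "false":
        warnings.append("requires-validation=false: any current email address is used, validated or not")
    if cfg["obfuscated"] == "false":
        warnings.append("obfuscated=false: responses return the email address unobfuscated")
    return errors, warnings

def create_command(name, props):
    """Build the dsconfig create command; refuse configurations that fail lint."""
    errors, _ = lint(props)
    if errors:
        raise ValueError("; ".join(errors))
    args = ["dsconfig", "create-identity-authenticator",
            "--authenticator-name", name, "--type", "email-delivered-code"]
    for key, value in props.items():
        args += ["--set", f"{key}:{value}"]
    return " ".join(shlex.quote(a) for a in args)
```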